Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-35599 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
CVE-2022-35598 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVE-2022-35487 1 Zammad 1 Zammad 2024-11-21 7.5 High
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files.
CVE-2022-35422 1 Web Based Quiz System Project 1 Web Based Quiz System 2024-11-21 9.8 Critical
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.
CVE-2022-35421 1 Online Tours And Travels Management System Project 1 Online Tours And Travels Management System 2024-11-21 7.2 High
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php.
CVE-2022-35193 1 Testlink 1 Testlink 2024-11-21 7.2 High
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
CVE-2022-35175 1 Barangay Management System Project 1 Barangay Management System 2024-11-21 9.8 Critical
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.
CVE-2022-35166 1 Jpeg 1 Libjpeg 2024-11-21 5.5 Medium
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
CVE-2022-35165 1 Axiosys 1 Bento4 2024-11-21 5.5 Medium
An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input.
CVE-2022-35154 1 Shopro 1 Mall System 2024-11-21 9.8 Critical
Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.
CVE-2022-35148 1 Maccms 1 Maccms 2024-11-21 6.5 Medium
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
CVE-2022-35121 1 Xxyopen 1 Novel-plus 2024-11-21 9.8 Critical
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
CVE-2022-35115 1 Icewarp 1 Webclient Dc2 2024-11-21 9.8 Critical
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
CVE-2022-34989 1 Fruits Bazar Project 1 Fruits Bazar 2024-11-21 9.8 Critical
Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php.
CVE-2022-34972 1 So Filter Shop By Project 1 So Filter Shop By 2024-11-21 9.8 Critical
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.
CVE-2022-34968 1 Percona 1 Percona Server 2024-11-21 7.5 High
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.
CVE-2022-34956 1 Pligg 1 Pligg Cms 2024-11-21 9.8 Critical
Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.
CVE-2022-34955 1 Pligg 1 Pligg Cms 2024-11-21 9.8 Critical
Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.
CVE-2022-34954 1 Phptpoint 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.
CVE-2022-34953 1 Phptpoint 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.